add new test to check projects without webhooks

kubernetes-sigs · Oct 1, 2023 · 96508c3 · 96508c3
1 parent 87c2b2b
commit 96508c3
Show file tree

Hide file tree

Showing 2 changed files with 187 additions and 33 deletions.
diff --git a/test/e2e/v4/generate_test.go b/test/e2e/v4/generate_test.go
@@ -211,3 +211,147 @@ func uncommentPodStandards(kbc *utils.TestContext) {
 		ExpectWithOffset(1, err).NotTo(HaveOccurred())
 	}
 }
+
+// GenerateV4WithoutWebhooks implements a go/v4 plugin with APIs and enable Prometheus and CertManager
+func GenerateV4WithoutWebhooks(kbc *utils.TestContext) {
+	var err error
+
+	By("initializing a project")
+	err = kbc.Init(
+		"--plugins", "go/v4",
+		"--project-version", "3",
+		"--domain", kbc.Domain,
+	)
+	ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+	By("creating API definition")
+	err = kbc.CreateAPI(
+		"--group", kbc.Group,
+		"--version", kbc.Version,
+		"--kind", kbc.Kind,
+		"--namespaced",
+		"--resource",
+		"--controller",
+		"--make=false",
+	)
+	ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+	By("implementing the API")
+	ExpectWithOffset(1, pluginutil.InsertCode(
+		filepath.Join(kbc.Dir, "api", kbc.Version, fmt.Sprintf("%s_types.go", strings.ToLower(kbc.Kind))),
+		fmt.Sprintf(`type %sSpec struct {
+`, kbc.Kind),
+		`	// +optional
+Count int `+"`"+`json:"count,omitempty"`+"`"+`
+`)).Should(Succeed())
+
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		"#- ../certmanager", "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		"#- ../prometheus", "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		`#replacements:
+#  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+#      kind: Certificate
+#      group: cert-manager.io
+#      version: v1
+#      name: serving-cert # this name should match the one in certificate.yaml
+#      fieldPath: .metadata.namespace # namespace of the certificate CR
+#    targets:
+#      - select:
+#          kind: ValidatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#      - select:
+#          kind: MutatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#      - select:
+#          kind: CustomResourceDefinition
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#  - source:
+#      kind: Certificate
+#      group: cert-manager.io
+#      version: v1
+#      name: serving-cert # this name should match the one in certificate.yaml
+#      fieldPath: .metadata.name
+#    targets:
+#      - select:
+#          kind: ValidatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#      - select:
+#          kind: MutatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#      - select:
+#          kind: CustomResourceDefinition
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#  - source: # Add cert-manager annotation to the webhook Service
+#      kind: Service
+#      version: v1
+#      name: webhook-service
+#      fieldPath: .metadata.name # namespace of the service
+#    targets:
+#      - select:
+#          kind: Certificate
+#          group: cert-manager.io
+#          version: v1
+#        fieldPaths:
+#          - .spec.dnsNames.0
+#          - .spec.dnsNames.1
+#        options:
+#          delimiter: '.'
+#          index: 0
+#          create: true
+#  - source:
+#      kind: Service
+#      version: v1
+#      name: webhook-service
+#      fieldPath: .metadata.namespace # namespace of the service
+#    targets:
+#      - select:
+#          kind: Certificate
+#          group: cert-manager.io
+#          version: v1
+#        fieldPaths:
+#          - .spec.dnsNames.0
+#          - .spec.dnsNames.1
+#        options:
+#          delimiter: '.'
+#          index: 1
+#          create: true`, "#")).To(Succeed())
+
+	if kbc.IsRestricted {
+		By("uncomment kustomize files to ensure that pods are restricted")
+		uncommentPodStandards(kbc)
+	}
+}
diff --git a/test/e2e/v4/plugin_cluster_test.go b/test/e2e/v4/plugin_cluster_test.go
@@ -85,13 +85,19 @@ var _ = Describe("kubebuilder", func() {
 			" with restricted pods", func() {
 			kbc.IsRestricted = true
 			GenerateV4(kbc)
-			Run(kbc)
+			Run(kbc, true)
+		})
+		It("should generate a runnable project without webhooks"+
+			" with restricted pods", func() {
+			kbc.IsRestricted = true
+			GenerateV4WithoutWebhooks(kbc)
+			Run(kbc, false)
 		})
 	})
 })
 
 // Run runs a set of e2e tests for a scaffolded project defined by a TestContext.
-func Run(kbc *utils.TestContext) {
+func Run(kbc *utils.TestContext, hasWebhook bool) {
 	var controllerPodName string
 	var err error
 
@@ -203,29 +209,31 @@ func Run(kbc *utils.TestContext) {
 		"ServiceMonitor")
 	ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
-	By("validating that the mutating|validating webhooks have the CA injected")
-	verifyCAInjection := func() error {
-		mwhOutput, err := kbc.Kubectl.Get(
-			false,
-			"mutatingwebhookconfigurations.admissionregistration.k8s.io",
-			fmt.Sprintf("e2e-%s-mutating-webhook-configuration", kbc.TestSuffix),
-			"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
-		ExpectWithOffset(2, err).NotTo(HaveOccurred())
-		// check that ca should be long enough, because there may be a place holder "\n"
-		ExpectWithOffset(2, len(mwhOutput)).To(BeNumerically(">", 10))
-
-		vwhOutput, err := kbc.Kubectl.Get(
-			false,
-			"validatingwebhookconfigurations.admissionregistration.k8s.io",
-			fmt.Sprintf("e2e-%s-validating-webhook-configuration", kbc.TestSuffix),
-			"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
-		ExpectWithOffset(2, err).NotTo(HaveOccurred())
-		// check that ca should be long enough, because there may be a place holder "\n"
-		ExpectWithOffset(2, len(vwhOutput)).To(BeNumerically(">", 10))
-
-		return nil
+	if hasWebhook {
+		By("validating that the mutating|validating webhooks have the CA injected")
+		verifyCAInjection := func() error {
+			mwhOutput, err := kbc.Kubectl.Get(
+				false,
+				"mutatingwebhookconfigurations.admissionregistration.k8s.io",
+				fmt.Sprintf("e2e-%s-mutating-webhook-configuration", kbc.TestSuffix),
+				"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+			ExpectWithOffset(2, err).NotTo(HaveOccurred())
+			// check that ca should be long enough, because there may be a place holder "\n"
+			ExpectWithOffset(2, len(mwhOutput)).To(BeNumerically(">", 10))
+
+			vwhOutput, err := kbc.Kubectl.Get(
+				false,
+				"validatingwebhookconfigurations.admissionregistration.k8s.io",
+				fmt.Sprintf("e2e-%s-validating-webhook-configuration", kbc.TestSuffix),
+				"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+			ExpectWithOffset(2, err).NotTo(HaveOccurred())
+			// check that ca should be long enough, because there may be a place holder "\n"
+			ExpectWithOffset(2, len(vwhOutput)).To(BeNumerically(">", 10))
+
+			return nil
+		}
+		EventuallyWithOffset(1, verifyCAInjection, time.Minute, time.Second).Should(Succeed())
 	}
-	EventuallyWithOffset(1, verifyCAInjection, time.Minute, time.Second).Should(Succeed())
 
 	By("creating an instance of the CR")
 	// currently controller-runtime doesn't provide a readiness probe, we retry a few times
@@ -274,15 +282,17 @@ func Run(kbc *utils.TestContext) {
 		strings.ToLower(kbc.Kind),
 	)))
 
-	By("validating that mutating and validating webhooks are working fine")
-	cnt, err := kbc.Kubectl.Get(
-		true,
-		"-f", sampleFile,
-		"-o", "go-template={{ .spec.count }}")
-	ExpectWithOffset(1, err).NotTo(HaveOccurred())
-	count, err := strconv.Atoi(cnt)
-	ExpectWithOffset(1, err).NotTo(HaveOccurred())
-	ExpectWithOffset(1, count).To(BeNumerically("==", 5))
+	if hasWebhook {
+		By("validating that mutating and validating webhooks are working fine")
+		cnt, err := kbc.Kubectl.Get(
+			true,
+			"-f", sampleFile,
+			"-o", "go-template={{ .spec.count }}")
+		ExpectWithOffset(1, err).NotTo(HaveOccurred())
+		count, err := strconv.Atoi(cnt)
+		ExpectWithOffset(1, err).NotTo(HaveOccurred())
+		ExpectWithOffset(1, count).To(BeNumerically("==", 5))
+	}
 }
 
 // curlMetrics curl's the /metrics endpoint, returning all logs once a 200 status is returned.